Amendments to the Drawings: 

The attached sheets of drawings include changes to Figs. 1 and 4. These sheets, which include 
Figs. 1 and 4, replace the original sheets including Figs. 1 and 4. 

Attachment: Replacement Sheets 




Appl.No. 10/631,366 

Amdt. dated July 30, 2007 

Reply to Office Action of February 2, 2007 



PATENT 



REMARKS/ARGUMENTS 

This Amendment is in response to the Office Action mailed February 2, 2007. 
Claims 1-21 were pending and examined. 

Claims 6, 7, 11-13, 17, 18, 20, and 21 have been amended, claims 10, 14-16, and 
19 have been canceled, and new claim 22 has been added. Applicant submits that no new matter 
has been introduced by virtue of these amendments. After entry of this Amendment, claims 1-9, 
11-13, 17, 18, and 20-22 will remain pending in the present application. Reconsideration of the 
rejected claims is respectfully requested. 

Objection to the Drawings 

Fig. 1 is objected to because "Fig. 1 should be labeled as a prior art figure." 
(Office Action: pg. 2). Fig. 1 has been amended to include the legend "Prior Art." No new 
matter has been added. Thus, the objection to Fig. 1 is believed to be overcome. 

The drawings are generally objected to as failing to show every feature of the 
invention specified in the claims. (Office Action: pg. 2). Specifically, the Office Action asserts 
that "the 'removing the second source IP address from the table when the second source IP 
address is determined to no longer be present on the port' (claim 6-7 and 14) must be shown or 
the feature(s) canceled from the claim(s)." (Office Action: pg. 2). Fig. 4 has been amended to 
include the above recited feature of the pending claims. No new matter has been added. Thus, 
the general objection to the drawings is believed to be overcome. 

Objection to the Claims 

Claim 14 is objected to for an informality. Claim 14 has been canceled without 
prejudice. Accordingly, the objection to claim 14 is moot. 

35 U.S.C. §112 Rejection of Claims 6, 7, 11, 13, and 14 

Claims 6, 7, 11, 13, and 14 are rejected under 35 U.S.C. §112 (second paragraph) 
as being indefinite for failing to specifically point out and distinctly claim the subject matter that 
Applicant regards as the invention. 

Regarding claims 6, 7, 11, 13, and 14, the Office Action states "ports are not 
storage devices and the phrase: 'IP address. . . present on the port' recited in claims 6, 7, 11, 13, 
and 14 is not understood." (Office Action: pg. 3). Claims 6, 7, 11, and 13 have been amended to 
remove the objected-to phrase "present on the port." Claim 14 has been canceled without 
prejudice. Accordingly, this ground for the rejection of claims 6, 7, 11, 13, and 14 is believed to 
be overcome or moot. 

Regarding claim 10, the Office Action states "claim 10 recites: 'receiving a first 
data packet on the port;. . . passing the data packet through the port if the first source IP address 
stored in the table.' It appears that 'the data packet' refers to the previously cited 'a first data 
packet.' As a result, the limitation is not understood." (Office Action: pg. 3-4). Claim 10 has 
been canceled without prejudice. Accordingly, the rejection of claim 10 is moot. 

Further regarding claims 6 and 7, the Office Action states: 

Claims 6-7 and 14 are ambiguous, perhaps missing essential elements. Claims 
6-7 and 14 are dependent on claims reciting a table storing MAC/IP addresses used in filtering 
data. Claims 6-7 and 14 add limitations that require removing an address from the table when the 
address is not present on the first port. The relationship between the address in the table and ports 
is not understood. It is not clear whether the limitation is directed towards the active connection 
between the device and a source network device or whether some other interpretation should be 
exercised. If the limitation would refer to the active session then it is not cleared [sic] whether the 
table is an access control table, as it seems to be the point of the invention (see Abstract) or simply 
a reference table that keeps a track of current sessions. Applicant should amend the claim 
language and/or include missing limitations in order to clarify the connection between elements of 
claims 6-7, 14 and the claims they depend on. (Office Action: pg. 4, emphasis added). 

Applicant respectfully disagrees. 

Applicant submits that the subject matter of claims 6 and 7 is sufficiently clear 
and unambiguous to satisfy the requirements of 35 U.S.C. §112, second paragraph. For example, 
as noted in the Office Action, claims 6 and 7 recite features that include removing a source IP 
address from a table in a network device when a device having the source IP address is no longer 
coupled to a port of the network device. Applicant submits that the plain language meaning of 
this feature as recited in claims 6 and 7 is clear. 

It appears from the cited section of the Office Action that the Examiner is unclear 
as to the purpose, or utility, of the features recited in claims 6 and 7. For example, the Office 
Action wonders whether "the point of the invention" is to define an "access control table" or a 
"reference table." However, 35 U.S.C. §112, second paragraph, merely requires that a claim 
distinctly point out and distinctly claim the subject matter which is regarded as the invention. 35 
U.S.C. §112, second paragraph, does not require that a claim distinctly point out and distinctly 
claim the purpose of the subject matter. 

To the extent that the Examiner requires an established purpose or utility for the 
features of claims 6 and 7, the Examiner is respectfully directed to Applicant's specification as 
filed. For example, page 7 of the Specification as filed, provides: 

In one embodiment, the port security processor 242 will periodically poll ports 
for the learned IP addresses which are stored in the table to ensure that host devices with the 
learned source IP addresses are still coupled to the port. If it is determined that a host device 
having the learned IP source address is no longer coupled to a port then source IP address for the 
host that is no longer present can be removed from the table so as to allow a new source IP address 
to have access to the port. 

(Specification: pg. 7, lines 3-8; emphasis added). 

For at least the foregoing reasons, Applicant respectfully requests that the Section 
112 rejections be withdrawn. 

35 U.S.C. §102(e) Rejection of Claims 1, 2, 4, 5, and 10 

Claims 1, 2, 4, 5, and 10 are rejected under 35 U.S.C. §102(e) as being anticipated 
by Doyle (U.S. Patent No. 7,134,012, hereinafter "Doyle"). Applicant respectfully submits that 
Doyle does not disclose each feature of these claims. 

For example, independent claim 1 recites: 

In a network device having a plurality of ports and providing switching 
functions between ports, a method for providing port security, comprising: 

receiving a first data packet on a port; 

determining a first MAC address for the received first data packet; 

determining a first source IP address for the received first data packet, wherein 
the first source IP address for the received first data packet and the first MAC address for the 
received first data packet form a first source IP address and MAC address pair; 

comparing the first source IP address and MAC address pair with information in 
a table which stores source IP address and MAC address pairs; and 

passing the received first data packet through the port, when the first source IP 
address and MAC address pair is found in the table. 

(Applicant's claim 1, emphasis added). 

As recited above, embodiments of claim 1 compare a first source IP address and 
MAC address pair with information in a table which stores source IP address and MAC address 
pairs, and pass the corresponding data packet through a port when the pair is found in the table. 
Applicant submits that at least these features of claim 1 are not disclosed by Doyle. 

Doyle is directed to a method for detecting spoofed source IP addresses where the 
detection is performed by performing two separate lookups using two separate values or keys, 
each lookup searching for a value or key in a table. As shown in Fig. 6 of Doyle, a data packet is 
received (600) and a source IP address and MAC address are obtained from the packet (605). 
Once the source IP address and MAC address are obtained, a first lookup is performed where the 
MAC address is searched for in an ARP table (610). If the MAC address is found in the table 
(and if the MAC address does not correspond to a router), a second lookup is subsequently 
performed where the source IP address is searched for in the table (650). If the source IP address 
is also found, the packet is forwarded (646). Thus, as best understood, Doyle teaches a two-stage 
lookup into a table to detect packets with spoofed IP addresses, the lookups being performed one 
after the other. 

Applicant submits that the method described in Doyle is very different from the 
invention recited in Applicant's claim 1. For example, claim 1 specifically recites "comparing 
the first source IP address and MAC address pair with information in a table which stores source 
IP address and MAC address pairs" and "passing the received first data packet through the port, 
when the first source IP address and MAC address pair is found in the table." Thus, claim 1 
specifically recites that a pair (the source IP address and MAC address pair) is searched for in a 
table. Since Doyle teaches detecting a spoofed source IP address based on a two-stage lookup of 
two separate keys (MAC address and source IP address) in a table, rather than a single lookup of 
a single source IP address and MAC address pair in a table, Doyle necessarily fails to disclose or 
suggest "comparing the first source IP address and MAC address pair with information in a table 
which stores source IP address and MAC address pairs" and "passing the received first data 
packet through the port, when the first source IP address and MAC address pair is found in the 
table" as recited in claim 1. 

For at least the foregoing reasons, Applicant submits that Doyle does not 
anticipate or render obvious Applicant's claim 1. Applicant therefore respectfully requests that 
the rejection with respect to claim 1 be withdrawn. 
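
The pair lookup recited in claim 1, a lookup on two separate keys, and the polling-based removal quoted from the specification, as an added Python example (not code from the application or from Doyle). The class name, the per-port keying, the `max_pairs` limit and the sample addresses are assumptions; `permit_separate_keys` is a simplified model of testing two keys independently, not a reproduction of the cited reference.

```python
from dataclasses import dataclass, field


@dataclass
class PortSecurityTable:
    """Learned (source IP, MAC) pairs per port. The per-port keying and the
    max_pairs limit are assumptions made for this example."""
    max_pairs: int = 2
    pairs: dict = field(default_factory=dict)  # port -> set of (ip, mac)

    def learn(self, port, ip, mac):
        """Store a pair if the port still has room; return True if stored."""
        entries = self.pairs.setdefault(port, set())
        if (ip, mac) in entries:
            return True
        if len(entries) >= self.max_pairs:
            return False
        entries.add((ip, mac))
        return True

    def permit_pair(self, port, ip, mac):
        """Single lookup keyed on the pair, as recited in claim 1."""
        return (ip, mac) in self.pairs.get(port, set())

    def permit_separate_keys(self, port, ip, mac):
        """Simplified model of two lookups on two separate keys: MAC first,
        then source IP, each tested on its own."""
        entries = self.pairs.get(port, set())
        if not any(m == mac for _, m in entries):
            return False
        return any(i == ip for i, _ in entries)

    def poll(self, port, coupled_ips):
        """Drop pairs whose host is no longer coupled to the port, freeing a
        slot for a new source IP. Returns the removed pairs."""
        entries = self.pairs.get(port, set())
        stale = {p for p in entries if p[0] not in coupled_ips}
        entries -= stale  # in-place: mutates the set held in self.pairs
        return stale


def demo():
    """Constructed scenario: two hosts learned on port 1, then one unplugs."""
    t = PortSecurityTable(max_pairs=2)
    t.learn(1, "10.0.0.5", "00:11:22:33:44:55")  # host A (constructed)
    t.learn(1, "10.0.0.6", "00:11:22:33:44:66")  # host B (constructed)
    mixed = ("10.0.0.6", "00:11:22:33:44:55")    # host B's IP, host A's MAC
    results = {
        "pair_known": t.permit_pair(1, "10.0.0.5", "00:11:22:33:44:55"),
        "pair_mixed": t.permit_pair(1, *mixed),
        "separate_mixed": t.permit_separate_keys(1, *mixed),
        "full_before_poll": t.learn(1, "10.0.0.7", "00:11:22:33:44:77"),
    }
    results["removed"] = t.poll(1, coupled_ips={"10.0.0.5"})
    results["learn_after_poll"] = t.learn(1, "10.0.0.7", "00:11:22:33:44:77")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In this model the mixed packet (one learned host's IP with another learned host's MAC) fails the pair lookup but passes when each key is tested on its own, and a full port accepts a new source IP only after polling removes the stale pair.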

Dependent claims 2, 4, and 5 depend (either directly or indirectly) from claim 1. 
Thus, Applicant submits that claims 2, 4, and 5 are allowable for at least a similar rationale as 
discussed above for claim 1. 

Applicant further submits that claims 2, 4, and 5 are patentable for additional 
reasons. For example, claim 5 recites "wherein the table is stored in an access control list of a 
content addressable memory device." Applicant submits that at least this additional feature is 
not disclosed by Doyle. The Office Action asserts that "in order for the device to access the 
entries, the table inherently must be stored in a content addressable memory." (Office Action: 
pg. 6). Applicant respectfully disagrees. 

Contrary to the Office Action's assertion, there is nothing that suggests the table 
inherently must be stored in an access control list of a content addressable memory, as recited in 
claim 5. There are several ways in which a table may be implemented or stored. For example, a 
table may be stored in any type of memory device, such as Dynamic RAM (DRAM), etc. In 
contrast, claim 5 recites a specific implementation wherein the table is stored in an access control 
list of a content addressable memory (CAM). A CAM is a type of computer memory that is 
specifically adapted for high speed searching. Since Doyle makes no reference to CAMs at all, 
Doyle does not disclose or suggest "wherein the table is stored in an access control list of a 
content addressable memory device" as recited in claim 5. Accordingly, claim 5 is believed to 
be allowable over Doyle for at least this additional reason. 

Claim 10 has been canceled without prejudice. Accordingly, the rejection of 
claim 10 is moot. 

35 U.S.C. §102(b) Rejection of Claim 10 

Claim 10 is rejected under 35 U.S.C. § 102(b) as being anticipated by Pfleeger 
("Security in Computing", 2nd edition, 1996, ISBN: 0133374866, hereinafter "Pfleeger"). Claim 
10 has been canceled without prejudice and without disclaimer. Accordingly, the rejection of 
claim 10 is moot. 

35 U.S.C. §103(a) Rejection of Claims 6-8 and 11-15 

Claims 6-8 and 11-15 are rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Doyle in view of Official Notice. Applicant submits that Doyle and the Official Notice, 
considered individually or in combination, do not teach or suggest the features of these claims. 

Claims 6-8 and 11-15 depend (either directly or indirectly) from independent 
claim 1. Thus, claims 6-8 and 11-15 are patentable over Doyle for at least a similar rationale as 
discussed above for claim 1, and others. 

The deficiencies of Doyle in this regard are not remedied by the Official Notice. 
For example, the features of "comparing the first source IP address and MAC address pair with 
information in a table which stores source IP address and MAC address pairs" or "passing the 
received first data packet through the port, when the first source IP address and MAC address 
pair is found in the table" as recited in claim 1 are not known or would not have been obvious to 
one of ordinary skill in the art. If the Examiner believes that these features of claim 1 are taught 
by the prior art, then the Examiner is requested to identify references that provide such a 
teaching. Thus, Applicant submits that the 35 USC 103 rejection has been overcome for claims 
6-8 and 11-15. 

For at least the foregoing reasons, Applicant respectfully requests that the rejection 
of claims 6-8 and 11-15 be withdrawn. 

35 U.S.C. §103(a) Rejection of Claim 3 

Claim 3 is rejected under 35 U.S.C. § 103(a) as being unpatentable over Doyle in 
view of Whelan (U.S. Publication No. 2004/0003285, hereinafter "Whelan"). Applicant submits 
that Doyle and Whelan, considered individually or in combination, do not teach or suggest the 
features of this claim. 

Claim 3 depends from independent claim 1. Thus, claim 3 is patentable over 
Doyle for at least a similar rationale as discussed above for claim 1, and others. 

The deficiencies of Doyle in this regard are not remedied by Whelan. Whelan is 
directed to a system for detecting unauthorized wireless access points. (Whelan: Abstract). As 
best understood, Whelan makes no reference to the general concept of detecting spoofed source 
IP addresses, or the specific features of "comparing the first source IP address and MAC address 
pair with information in a table which stores source IP address and MAC address pairs" and 
"passing the received first data packet through the port, when the first source IP address and 
MAC address pair is found in the table" as recited in claim 1. Thus, even if Doyle and Whelan 
were combined (although there appears to be no motivation to combine), the resultant 
combination would not teach or suggest all of the features of claim 3. 

Applicant submits that claim 3 also recites additional features that are not taught 
or suggested by Doyle or Whelan, considered individually or in combination. For example, 
claim 3 recites in part "performing a reverse IP check to confirm the learned source IP address." 
The Office Action concedes that Doyle does not teach this feature. (Office Action: pg. 8). 
However, the Office Action goes on to assert that this feature is taught by Whelan because 
"Whelean [sic] discloses performing a reverse IP check to confirm the IP address (Whelean [sic], 
[0036])." (Office Action: pg. 9). Applicant respectfully disagrees. 

The cited section of Whelan describes performing a reverse ARP request to 
determine the IP address of a rogue access point based on its MAC address. Applicant submits 
that performing a reverse ARP request is substantially different from performing a reverse IP 
check. Accordingly, Whelan fails to teach or suggest "performing a reverse IP check to confirm 
the learned source IP address" as recited in claim 3. Thus, even if Doyle and Whelan were 
combined (although there appears to be no motivation to combine), the resultant combination 
would not teach or suggest at least this additional feature of claim 3. 

For at least the foregoing reasons, Applicant respectfully requests that the rejection 
of claim 3 be withdrawn. 

35 U.S.C. §103(a) Rejection of Claims 9 and 16-21 

Claims 9 and 16-21 are rejected under 35 U.S.C. §103(a) as being unpatentable 
over Doyle in view of Sawada (U.S. Publication No. 6907470, hereinafter "Sawada"). Applicant 
submits that Doyle and Sawada, considered individually or in combination, do not teach or 
suggest the features of these claims. 

Claim 16 has been canceled without prejudice. Thus, the rejection of claim 16 is 
moot. 

Dependent claim 9 depends from independent claim 1. Independent claim 17 
recites features that are substantially similar to claim 1, and dependent claims 18-21 depend from 
claim 17. Thus, claims 9 and 17-21 are patentable over Doyle for at least a similar rationale as 
discussed above for claim 1, and others. 

The deficiencies of Doyle in this regard are not remedied by Sawada. Sawada is 
directed to a packet communications apparatus (Sawada: Abstract). As best understood, Sawada 
makes no reference to the general concept of detecting spoofed source IP addresses, or the 
specific features of "comparing the first source IP address and MAC address pair with 
information in a table which stores source IP address and MAC address pairs" and "passing the 
received first data packet through the port, when the first source IP address and MAC address 
pair is found in the table" as recited in claims 1 and 17. Thus, even if Doyle and Sawada were 
combined (although there appears to be no motivation to combine), the resultant combination 
would not teach or suggest all of the features of claims 9 and 17-21. 

For at least the foregoing reasons, Applicant respectfully requests that the rejection 
of claims 9 and 16-21 be withdrawn. 

New Claim 22 

New claim 22 has been added to claim features of the present invention. 
Applicant submits that claim 22 is patentable for at least a similar rationale as discussed above 
for claim 1, and others. 



CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 650-326-2400. 



Respectfully submitted, 
/Andrew J. Lee/ 
Reg. No. 60,371 
San Francisco, California 94111-3834 